HIPAA Business Associates

On Thursday, July 8, 2010, the Department of Health and Human Services (HHS) announced proposed modifications to the HIPAA Privacy & Security Rules implementing the HITECH Act.  The proposed modifications include new requirements on business associates with regard to their subcontractors.  

The Office for Civil Rights (OCR) within HHS proposes to include in

For covered entities (CEs) who have tight privacy and security measures in place, the breach notification requirements under HITECH (amending HIPAA) might not seem especially onerous.  But what about breaches the CE doesn’t know about?  What if the CE’s business associate (BA) fails to report a breach of unsecured health information?  What if the BA

On my previous post, I left open the question of whether UPS is on the hook under HIPAA for the box of medical records that ended up in a paper scrap resale warehouse.  The brief response is not under HIPAA. 

The federal government has expressly stated that mail carriers are not considered business